Desktop Authority must deploy certain files to client machines. These client files are used to support the DA Administrative Client service, Desktop Agent and the Computer Management service.
The client files are deployed using Smart Client Provisioning. Smart Client Provisioning dynamically chooses from the best of several deployment approaches at runtime to determine which method will work on the client. Once a deployment option is found the files are deployed to the machine. The specific technique that is chosen to deploy the client files depends on the client environment and the obstacles present in that environment.
The client files may be deployed using the DA GPO client side extension. However configuring this requires higher permission levels than non-domain admins, such as an OU Admin, would typically have. Therefore, in some cases, an OU Admin would not be able to configure the files for deployment to clients without assistance from a Domain Admin. Having to request a Domain Admin to help configure this, defeats the purpose of having an OU Admin, who should be able to configure and deploy files to the clients under the OU they are in charge of.
It is due to this privilege level issue and other circumstances, that Smart Client Provisioning has been implemented. Smart Client Provisioning will go through a series of steps to get the client files deployed to or installed on client machines.
Client Provisioning is configured by selecting Deployment Settings > Client Deployment > Client Provisioning. Click the Edit button and configure Logon-based provisioning by specifying a preferred domain, domain controller and the client files location. Desktop Authority will do the rest of the work for you.
Figure 7: Configuring Client Provisioning
|
Note: For more information on Smart Client Provisioning, please review the documentation provided in the Administrator’s Guide, Online Help, or the Smart Client Provisioning article. |
For customers with a desire to configure remote machines while they are disconnected from the corporate network, Desktop Authority offers an off-network support feature. Once properly configured, remote users and computers will continue to receive the most applicable configuration updates as long as an active internet connection is maintained. Please see the Desktop Authority Administration Guide for more information on configuring Off-Network Support.
Desktop Authority User Management settings are configured on client computers when a user logs on to the machine. During the logon process, the user is authenticated by a Domain Controller. Desktop Authority is launched by a logon script that is specified in Active Directory for the user. Desktop Authority’s logon script is SLOGIC.bat. This logon script can be assigned to users in Active Directory within the Desktop Authority Manager.
The Assign Script dialog can be found within the Deployment Settings tab. Go to Deployment Settings > Client Deployment > Assign Script.
Once on the Assign Script object you must locate one or more users to whom the logon script will be assigned. You may enter a search term to find a user1, and/or choose the Domain or an OU and click on the Find User button. Look through the returned list of users to locate the ones who will have the script assigned to them. Select the user(s) by clicking the checkbox to the left of the User Name2. Once all necessary users are selected, click the Assign script button. You will see the SLOGIC script get assigned to the selected user(s) in the Logon Script column.
Figure 8: How to use the Assign Script dialog
|
Note: The Active Directory script assignment is performed on a single Domain Controller, the same as when a script is assigned within Active Directory. This change will be replicated to all other Domain controllers by NTFRS. |
Once all configuration settings are complete and profile elements created they must be replicated. Replication takes the information from the database, creates the necessary configuration files and then copies them to the selected targets as specified in Server Manager target folders. (Details about Server Manager can be found in the Desktop Authority online help or Administrator’s Guide.) In a typical environment, the replication targets are subdirectories under Sysvol on the Domain Controllers. It is recommended to populate Server Manager with all of the Domain Controllers with the DA Administrative service installed to them. However, it is highly recommended to only select one of your Domain Controllers as a target for replication.
The replication process uses the account specified for the DA Manager (Console) service, which requires access to the Domain Controllers. By default, the Computer Management target folder is located at “C:\Windows\SYSVOL\sysvol\Domain.Name\Policies\Desktop Authority\Device Policy Master”. The default User Management target folder is “C:\Windows\SYSVOL\sysvol\Domain.Name\scripts”, which is shared as NETLOGON. These folders may be changed in Server Manager, if necessary. Please refer to the File Paths appendix for the correct path(s) based on the version of Desktop Authority you are using.
If your service account does not have access to the Domain Controllers, then DA can be configured to use member servers. Please contact Technical Support for further assistance working within a Member Server configuration.
At the bottom right-side of the Manager, there is a Replication status indicator. The status indicator will show as green or yellow. A green status means that all configurations have been saved and replicated to the target. Please allow NTFRS to replicate the configuration settings to the rest of the Domain Controllers in your environment. Yellow status means that the configurations must be replicated. Simply click on the Replication button to begin the process.
Once the settings are replicated you are ready for the computer and user settings to be configured on the client workstations.
For further details on using Desktop Authority, please reference the Administrator’s Guide, Installation and Upgrade Guide, Reporting Guide and/or the built-in online help when running the Manager.
The following table describes the paths that Desktop Authority uses.
Desktop Authority upgrades from previous versions to 11.3.1 will use the existing installation paths.
|
Important: PF stands for %programfiles% in an x86 environment and %programfiles(x86)% in a x64 environment |
Location Install paths for upgrades from ver 9.x to 11.3.1 |
Install Path for ver 11.3.1 | ||
---|---|---|---|
Group Policies Admx file location | |||
|
| ||
Remote Mgmt Alternate DesktopAuthority.exe default location (shared as SLDAClient$) | |||
|
| ||
Default MS SQL 2014 Server Express installation location | |||
|
| ||
Default MS SQL 2014 Server Express database location | |||
|
| ||
Website Configuration DA Virtual Directory | |||
|
| ||
Desktop Authority Manager location (shared as SLogic$) | |||
|
| ||
DA Manager ProgramData logs | |||
|
| ||
Website Configuration Web service Virtual Directory | |||
|
| ||
Default Update Service Download Cache | |||
|
| ||
Update Service Location | |||
|
| ||
Update Service Log File | |||
|
| ||
Update Service Status Reporter Log File | |||
|
| ||
| |||
OpsMaster ETL Repository | |||
|
| ||
Signature Files | |||
|
| ||
Admin Service XML file repository (shared as slETL$) | |||
|
| ||
Admin Service Log file | |||
|
| ||
Admin Service StatusGateway log | |||
|
| ||
| |||
User Management Replication | |||
|
| ||
Computer Management Replication | |||
|
| ||
Replication Log | |||
|
|
Prior Paths | New or 11.3.1 Version Paths |
USB/Port Security devices | |
|
|
User Detailed Trace File | |
|
|
Computer verbose debug mode | |
|
|
Client Files and Agents | |
|
|
Expert Assist | |
|
|
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center